AN APPROACH TO AUTOMATING THE VERIFICATION
OF COMPACT PARALLEL COORDINATION PROGRAMS. II

B. D. Lubachevsky


Abstract  -  This  paper  describes  an  algorithm  for  building 
reachability  set  descriptions  for  compact  parallel  programs,  introduced 
in  [3].  The  notion  of  a  controlled  vector  addition  system  (CVAS), 
which  generalizes  that  of  a  vector  addition  system,  is  introduced.  An 
algorithm  which  exhausts  all  the  reachable  states  of  a  CVAS  is 
described.  (Notions  of  compactness  and  of  a  normal  program  are 
introduced  in  [3].)  It  is  proved  that  if  the  program  to  which  the  CVAS 
corresponds  is  normal,  then  termination  of  this  algorithm  is  equivalent 
to   the   compactness    of   the    program. 


Typographical  conventions 
1. Introduction.

The notion of a reachability set description (RSD) for a parallel
program was introduced in [3]. It was shown how to verify various
properties of a parallel coordination program of a certain class using
the RSD. A geometrical model underlying the notion of an RSD is
introduced in this paper. This model, called a controlled vector
addition system (CVAS), generalizes that of a vector addition system
(VAS) of [2]. A CVAS is a set of rules specifying possible transitions
in an appropriate k-dimensional space. A reachable state of the
analyzed program corresponds to a reachable vector of the CVAS. We
describe an algorithm called DEVELOP for building RSDs for a class of
CVAS.

The  notion  of  compactness  and  of  a  normal  program  are  introduced 
in  [3].  We  remind  the  reader  that  compactness  means  the  following:  for 
a  given  set  of  initial  states  of  the  program,  there  exists  a  time  bound 
T  independent  of  the  number  of  executing  processing  elements  such  that 
any  state  of  the  program  may  be  reached  within  time  T  from  an  initial 
state.¹ It is proved in this paper that DEVELOP terminates for a CVAS
corresponding  to  a  normal  program  if  and  only  if  the  program  is 
compact. 


¹ Although we are trying here to make this discussion as independent of
[3] as possible, the reader is referred to [3] for a complete
formulation of this and some other basic definitions. We attempt to
indicate points where these definitions are required and to summarize
them.


2. Reachability sets for controlled vector addition systems.

2.1.    Definitions   and  a  statement    of   the  problem. 

A k-dimensional controlled vector addition system (CVAS) is a
quadruple $\Psi = (\Pi, V^0, W, C)$ in which $\Pi$ is a set of vectors with k
integer coordinates, $V^0$ is a subset of $\Pi$, W is a finite set of vectors
with integer coordinates, and C is the control, defined as a function
from $\Pi$ to the set $2^W$ of all subsets of W. The reachability set
$R = R(\Psi)$ is the set of all vectors v of the form

$$v = v_0 + w_1 + w_2 + \dots + w_r, \qquad v_0 \in V^0, \qquad r = 0, 1, 2, \dots$$

such that for i = 1, 2, ..., r one has:

$$v_0 + w_1 + w_2 + \dots + w_i \in \Pi,$$

$$w_i \in C(v_0 + w_1 + w_2 + \dots + w_{i-1}).$$


The notation $\Pi_k$ will be reserved for the set of all k-dimensional
vectors with non-negative integer coordinates. In the definition of a
CVAS, if $\Pi = \Pi_k$, we will substitute $\Pi_k$ for $\Pi$. Note that if
$\Pi = \Pi_k$, $V^0$ reduces to a single vector, and the control function C is
constant (i.e. its value does not depend on the argument and thus may be
declared as W without loss of generality), then the above definition
reduces to the definition [2] of a vector addition system (VAS).
The basic problem is building an observable representation of
$R(\Psi)$ for a given CVAS $\Psi$. Although many problems concerning
reachability for a simpler construct, VAS, are in general undecidable
[1], we will show that the specific properties of CVAS, corresponding to
parallel programs, often make such a representation possible.

2.2. An example of CVAS.

Let $\Pi = \Pi_3$, let N be any positive integer, and let $V^0$ consist of a
single vector $v_0 = (N, 0, 0)$. Define $W = \{t_{12}, t_{21}, t_{13}, t_{31}\}$, where
$t_{ij}$ is the vector of transition from i to j, i.e.

$t_{12} = (-1, 1, 0)$,    $t_{21} = (1, -1, 0)$,

$t_{13} = (-1, 0, 1)$,    $t_{31} = (1, 0, -1)$.

Define the control C as follows:

for all $v = (n_1, n_2, n_3)$ such that $n_1 \ge 2$

$C(v) = \{t_{21}, t_{13}, t_{31}\} \overset{Df}{=} W1$,

for all other v

$C(v) = \{t_{12}, t_{21}, t_{31}\} \overset{Df}{=} W2$.

Here sets W1 and W2 are two distinct values of the function C. Fig. 2.1
represents (planar) reachability set R for this CVAS with N = 4. (This
graph was presented in [3], Fig. 3.1.)
Fig. 2.1. Reachability set for the CVAS given in section 2.2.

2.3. Auxiliary definition.

Before  presenting  a  procedure  for  developing  the  reachability  set, 
we  define  some  functions  whose  arguments  and  values  are  sets  of 
vectors. 

Given a CVAS $\Psi = (\Pi, V^0, W, C)$ we have a finite set
{W1, W2, ..., Wr} of subsets of W as distinct values of function C. Let
$H_i = C^{-1}(Wi)$ be the preimages of Wi for i = 1, 2, ..., r. We call the


"rules"   Wi   governing    possible    "moves"   starting    in   them. 

In general, the geometry of countries may be complicated. We wish
to deal only with sets of simple structure. Suppose a certain
definition of a simple set is established. (In section 3 we will give
a version of such a definition.) We assume that each country either is
a simple set or is split into a finite number of simple subsets called
regions. (If we denote the i-th region by $Q^i$, then according to our
conventions $Q^i \cap Q^j$ is empty for $i \ne j$, and the only two possible
values for $H_i \cap Q^j$ are $Q^j$ and the empty set.) The fact that C is
constant on a region Q means that the value of C(Q) is a single set
in W.

According to the definition of a simple set which follows in
section 3 the two countries in Fig. 2.1 may be considered as separate
regions as well. The region below the border is defined by the
inequality $n_1 \ge 2$, while the one above the border is defined by the
inequality $n_1 \le 1$.

Given a CVAS $\Psi = (\Pi, V^0, W, C)$, a set $S \subseteq \Pi$, a vector $a \in S$, and
a vector $w \in C(a)$, consider the following set in $\Pi$:

$$e(S, a, w) = \bigcup_{\substack{0 \le \lambda \le \lambda_0 \\ \lambda\ \text{integer}}} \{a + \lambda w\}$$

where $\lambda_0$ satisfies the properties:

$a,\ a + w,\ \dots,\ a + (\lambda_0 - 1)w \in S$;  $C(a),\ C(a + w),\ \dots,\ C(a + (\lambda_0 - 1)w) \ni w$;

but either $a + \lambda_0 w \notin S$, or $C(a + \lambda_0 w) \not\ni w$,

i.e. $\lambda_0$ is the smallest value of $\lambda = 1, 2, \dots$ which requires leaving S
or changing direction w. We define $\lambda_0 = +\infty$, if $a + \lambda w \in S$ and
$w \in C(a + \lambda w)$ for all integer $\lambda \ge 0$.

Let $a, b \in \Pi$, $w \in W$. We say that b is reachable from a by one
express transition (in the direction w inside the set S), if
$b \in e(S, a, w)$. For example, in Fig. 2.1 the node (1,0,3) is
reachable from node (4,0,0) by one express transition in the direction
$t_{13}$ inside $\Pi_3$.

More generally we say that b is reachable from a by n+1 express
transitions (inside S), if there exists $a' \in S$ such that a' is
reachable from a by one express transition inside S and b is reachable
from a' by n express transitions inside S. A non-recursive form of this
definition is as follows: $b \in S$ is reachable from $b_0 \in S$ by n express
transitions (inside S) if there exist $w_1, \dots, w_n \in W$ and
$b_1, \dots, b_{n-1} \in S$, such that for i = 1, ..., n $b_i$ is reachable from $b_{i-1}$ by
one express transition in the direction $w_i$ inside S.

Let $S_0 \subseteq R(\Psi)$. We denote by $E_n(S_0)$ the set of all $s \in \Pi$
reachable from $S_0$ by n express transitions inside $\Pi$. Clearly,
$E_1(S_0) \subseteq E_2(S_0) \subseteq \dots$

Given a CVAS and a corresponding set of regions, consider the
following problem. Given two regions $Q^s$ and $Q^d$ (s and d stand for
source and destination, respectively), a vector w from $C(Q^s)$, and a set
S in $Q^s$, produce the set

$$Q^d \cap \Big[ \bigcup_{a \in S} e(Q^s \cup Q^d, a, w) \Big],$$

i.e. the set of all vectors in $Q^d$ that are reachable from S by one
express transition in the direction w inside $Q^s \cup Q^d$. We call this set
EJECT (w, S, $Q^s$, $Q^d$). A way to implement EJECT will be discussed in
section 3.

2.4.    Developing    the   reachability    set. 

Suppose one possesses an efficient implementation of the operation
EJECT. Then given a CVAS $\Psi = (\Pi, V^0, W, C)$, the reachability set may
be generated by a procedure DEVELOP whose basic statement is the
expression "X <- EJECT (...)" where X stands for a set of subsets of $\Pi$,
whose union is the EJECTed set. A more detailed description follows.
The idea of DEVELOP is transparent and relates very closely to the
definition      of    CVAS    in  section   2.1:    set   R*-    of    currently   reached    vectors 
is    being   expanded    from   an  initial   condition  R'^'    =  V^   by    iterating      EJECT 
over  R"^'    and    repeatedly  trying    all   possible    directions    w  <<    W. 

R*-  is  represented  as  the  union  of  a  pool  of  subsets  of  II  .  The 
elements  of  this  pool  are  called  BASIC  and  are  identified  with  the  list 
named  BASIC.  Each  BASIC  element  is  a  simple  subset  of  some  region. 
The  list  BASIC  as  well  as  the  set  R*^  evolve  over  the  course  of  the 
computation:  some  BASIC  elements  are  being  created,  others  are  being 
deleted. 

To effect the creation of new BASIC elements, DEVELOP uses
operation EJECT (w, S, $Q^s$, $Q^d$) trying an already existing BASIC element
S, an appropriate direction w, and a destination region $Q^d$. Note that
the source region $Q^s \supseteq S$ is uniquely determined given S. DEVELOP
distinguishes between those BASIC elements that cannot generate any new
reachable vector by EJECTing them and those for which the possibility
to generate new reachable vectors by EJECTing them is "open." The
latter BASIC elements are called OPEN and are identified with the list
named OPEN. When DEVELOP detects the fact that it is no longer
possible to generate a new reachable vector by EJECTing a particular
BASIC element, this element is deleted from the list OPEN. DEVELOP
terminates when the emptiness of the list OPEN is detected. The
condition means that EJECTing any BASIC set only produces vectors from
the already existing BASIC sets.


BASIC elements are deleted so as to keep the list BASIC minimal.
If  a  BASIC  set  is  detected  to  be  a  subset  of  the  union  of  the  other 
BASIC  sets,  then  it  must  be  deleted.  Note  that  both  the  sequence  of 
deletions  leading  to  a  minimal  list  BASIC  as  well  as  the  list  itself 
are    not    unique    for  a    given  R'^. 

The main property of DEVELOP is expressed in the following

Lemma 2.1. For any given value of n, after a finite number of
steps the union of all BASIC sets exhausts $E_n(V^0)$. In particular,
DEVELOP terminates, if $R(\Psi) = E_n(V^0)$ for some n.

Proof of this lemma will be given at the end of section 2.4.

Let us discuss DEVELOP in greater detail. Each BASIC element has
a unique identification number I which is assigned when the element is
created, and is denoted by SI, as S1, S2, ... The initial set $V^0$ is
supposed to be split into the union of m simple sets each of which is a
subset of a region: $V^0 = S1 \cup S2 \cup \dots \cup Sm$. (If $V^0$ reduces to a single
vector, $V^0 = \{v_0\}$, then m = 1 and $S1 = V^0$. If $V^0$ contains more than
one vector, and $V^0$ is not simple or is not a subset of a region, then


BASIC = OPEN = {S1, ..., Sm}, I = m. Enumeration of the new sets created
by DEVELOP starts with I = m + 1.


DEVELOP makes a transcript of its own work by building a certain
directed graph called in [3] a reachability forest. Nodes of this
forest are sets Si maintained by the algorithm. An arc of the forest
of the form $(Si_1, Si_2)$ is being generated when DEVELOP generates $Si_2$
from $Si_1$. (More precise formulation is given by the code of DEVELOP
below.) Each of the initial sets Si, i = 1, ..., m, represents a root of a
corresponding tree of the reachability forest. If m = 1, then this
forest reduces to a single tree, called in [3] a reachability tree,
having as its root the set S1.

During the work DEVELOP may generate a candidate for BASIC. Using
a somewhat anthropomorphic nomenclature we call such a candidate
NEWBORN. "Relatives" of a current NEWBORN are all those BASIC elements
(and their copies from OPEN, if any), that belong to the same region as
the NEWBORN.

We abbreviate as "NEWBORN is safe" the statement "current NEWBORN
is not a subset of the union of all its relatives from BASIC."
Similarly "NEWBORN helps to eat its relative" means: "there exists a
relative Si in BASIC which is a proper subset of the union of the
NEWBORN with all the NEWBORN's relatives except Si." (Here our
nomenclature becomes rather hungry-animal than anthropomorphic!) In
DEVELOP's code such a relative Si is referred to as "the eaten
relative." Note that in a frequently occurring case when the current
NEWBORN is equal to some of its relatives, both statements "NEWBORN is
safe" and "NEWBORN helps to eat its relative" are wrong. In such a
case we'd rather say that "the relatives eat the NEWBORN." However
DEVELOP does not explicitly maintain this "eating," but simply discards
such a NEWBORN. On the contrary, the "eating" of a "relative" is
effected explicitly by deleting it from BASIC and, if it was OPEN, from
OPEN.

DEVELOP also uses following objects:
REGION_POOL, a list of regions;
CONTROL_POOL, a list of vectors from W;
NEWBORN'S_POOL, a list of NEWBORNs;
PARENT, a trial element from OPEN.

For the following lists DEVELOP maintains emptiness status, which
may take values 'empty' or 'non-empty': OPEN, REGION_POOL,
CONTROL_POOL, NEWBORN'S_POOL. By convention, insertion of an element
into a list assigns the value 'non-empty', while deletion of the last
element from a list assigns the value 'empty' to the emptiness status.
Additionally the safety status for PARENT is maintained with two
values: 'safe' or 'eaten'. (Note that no safety status is explicitly
maintained for NEWBORN.)


We  abbreviate  the  expression  "status  of  <object>  is  '  <value  of 
status>'"  as  "<object>  is  <value  of  status>."  Thus  "PARENT  is  eaten"  is 
the  same  as  "status  of  PARENT  is  'eaten'."  Note  that  against 
expectations  of  our  nomenclature  a  PARENT  might  not  be  a  relative  of 
the  NEWBORN  generated  by  it,  since  these  two  elements  may  be  from 
different  countries. 
In the following procedure "get from <a list>" is an abbreviation
for "retrieve and delete from <a list>."


store initial sets S1,...Sm into both OPEN and BASIC;
I <- m;
REPEAT
    get an arbitrary element Si from OPEN
        and store it into PARENT;
    status_of_PARENT <- safe;
    store the region of PARENT into Q^s;
    store C (PARENT) into CONTROL_POOL;
    REPEAT
        get an arbitrary element w from CONTROL_POOL;
        store the list of all regions into REGION_POOL;
        REPEAT
            get an arbitrary region from REGION_POOL
                and store it into Q^d;
            NEWBORN'S_POOL <- EJECT (w, PARENT, Q^s, Q^d);
            REPEAT
                get an arbitrary NEWBORN from NEWBORN'S_POOL;
                IF NEWBORN is safe
                THEN
                BEGIN
                    I <- I + 1;
                    SI <- NEWBORN;
                    form an arc from Si to SI
                        in the reachability forest;
                    WHILE NEWBORN helps to eat its relative
                    DO
                        delete the eaten relative
                            from both BASIC and OPEN
                    END_WHILE;
                    IF PARENT is one of the deleted relatives
                    THEN
                        status_of_PARENT <- eaten;
                    insert NEWBORN into both BASIC and OPEN
                END
            UNTIL (NEWBORN'S_POOL is empty) or (PARENT is eaten)
        UNTIL (REGION_POOL is empty) or (PARENT is eaten)
    UNTIL (CONTROL_POOL is empty) or (PARENT is eaten)
UNTIL (OPEN is empty)
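
An executable reading of DEVELOP and of the express transition of section 2.3 for the CVAS of section 2.2, added here as an illustration; it is not code from the paper. It assumes that explicit finite sets stand in for simple sets, that e(S, a, w) ranges over 0 <= lambda <= lambda_0 (the reading under which (1,0,3) is reachable from (4,0,0) in the direction t13), and that every "arbitrary" choice is made in first-in order; all function names are hypothetical. The result is checked against the brute-force expansion that follows from the definition in section 2.1.

```python
from itertools import chain

# Transition vectors and the two rule sets W1, W2 of section 2.2.
T12, T21, T13, T31 = (-1, 1, 0), (1, -1, 0), (-1, 0, 1), (1, 0, -1)
W1 = (T13, T21, T31)   # control value in the country n1 >= 2
W2 = (T12, T21, T31)   # control value in the country n1 <= 1

def in_pi(v):                      # membership in Pi_3
    return all(x >= 0 for x in v)

def low(v):                        # bottom-left region: n1 >= 2
    return in_pi(v) and v[0] >= 2

def high(v):                       # top-right region: n1 <= 1
    return in_pi(v) and v[0] <= 1

REGIONS = (low, high)

def control(v):
    return W1 if v[0] >= 2 else W2

def add(a, w):
    return tuple(x + y for x, y in zip(a, w))

def express(in_s, a, w):
    """e(S, a, w): the points a + lam*w for 0 <= lam <= lam0 (assumed reading).
    The last point may lie outside S; callers intersect with the set they need.
    Assumes lam0 is finite (true here: every w decreases some coordinate)."""
    pts, v = [a], a
    while in_s(v) and w in control(v):
        v = add(v, w)
        pts.append(v)
    return pts

def eject(w, s, q_src, q_dst):
    """EJECT(w, S, Q^s, Q^d) for an explicit finite set S inside Q^s."""
    def inside(v):
        return q_src(v) or q_dst(v)
    return frozenset(p for a in s for p in express(inside, a, w) if q_dst(p))

def region_of(s):
    return low if low(next(iter(s))) else high

def develop(v0):
    """DEVELOP on explicit sets; returns (BASIC as {I: set}, forest arcs)."""
    basic, open_ids, arcs, last = {1: frozenset([v0])}, [1], [], 1
    while open_ids:
        pid = open_ids.pop(0)                  # "get" PARENT from OPEN
        parent, eaten = basic[pid], False
        q_src = region_of(parent)
        for w in control(next(iter(parent))):  # CONTROL_POOL = C(PARENT)
            for q_dst in REGIONS:              # REGION_POOL
                newborn = eject(w, parent, q_src, q_dst)
                rel = {i: s for i, s in basic.items() if region_of(s) is q_dst}
                if newborn <= frozenset(chain.from_iterable(rel.values())):
                    continue                   # empty or not safe: discard
                last += 1
                arcs.append((pid, last))
                hungry = True
                while hungry:                  # NEWBORN helps to eat relatives
                    hungry = False
                    for i, s in list(rel.items()):
                        rest = (t for j, t in rel.items() if j != i)
                        if s < newborn.union(*rest):
                            del rel[i], basic[i]
                            if i in open_ids:
                                open_ids.remove(i)
                            eaten, hungry = eaten or i == pid, True
                            break
                basic[last] = newborn
                open_ids.append(last)
                if eaten:
                    break
            if eaten:
                break
    return basic, arcs

def brute_force(v0):
    """Reachability set straight from the definition in section 2.1."""
    seen, todo = {v0}, [v0]
    while todo:
        v = todo.pop()
        for u in (add(v, w) for w in control(v)):
            if in_pi(u) and u not in seen:
                seen.add(u)
                todo.append(u)
    return seen

if __name__ == "__main__":
    basic, arcs = develop((4, 0, 0))
    print(set().union(*basic.values()) == brute_force((4, 0, 0)))
    print(arcs)
```

Because the selection order is fixed here, the sets and arcs produced need not coincide with those of the paper's transcript; only the union of the final BASIC sets is unique.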


In Fig. 2.2 and Fig. 2.3 we give the step-by-step transcript of
DEVELOP building the reachability tree for the example of section 2.2.
Fig. 2.2 reproduces the pattern of Fig. 2.1, although endpoints of
reachable vectors $(n_1, n_2, n_3)$ are represented in it by symbols •, and
to avoid diagrammatic clutter we show neither the values of coordinates
$n_i$ nor arcs representing the transitions. Sets Si (i = 1, ..., 12)
generated by DEVELOP are presented by polygons. These polygons are
nested in two sets each of which corresponds to one of the two regions.
The region, corresponding to the inequality $n_1 \le 1$, is called
top-right, the opposite one is called bottom-left, in agreement with
Fig. 2.1 and Fig. 2.2.

In Fig. 2.3 each row corresponds to one cycle of the innermost
loop. For each such a cycle the following is specified: the current
value of I at the beginning of the cycle, the set Si that is stored
into PARENT (and deleted from OPEN), the vector $w \in C(\text{PARENT})$, and
the destination region.

The successive cycles of the outermost loop are separated by lines
of "=," the successive cycles of the innermost loop are separated by
lines of "-." Those innermost cycles that create empty NEWBORNs are
skipped. Note that in this example EJECT never produces a
NEWBORN'S_POOL consisting of more than a single element.


Fig. 2.2. A graph representation of a transcript of DEVELOP
building the reachability tree for CVAS given in section 2.2.

Fig. 2.3. A table representation of a transcript of DEVELOP building
reachability tree for CVAS given in section 2.2.
Let us follow the work of DEVELOP using Fig. 2.2 and Fig. 2.3.
Row 1 represents the status immediately after both BASIC and OPEN have
been initialized to contain S1. According to row 2, PARENT S1 EJECTs
NEWBORN S2 in the direction $t_{13}$ from the bottom-left region to the same
region. Since $S2 \supseteq S1$ and $S2 \ne S1$, this NEWBORN is safe and this
PARENT is eaten, which causes DEVELOP to terminate the current
outermost cycle and to begin the next outermost cycle (row 3).

Note that at the first outermost cycle there were three options
for w: $t_{21}$, $t_{13}$, $t_{31}$. The option $w = t_{13}$ was chosen first. Were
options $w = t_{21}$ or $w = t_{31}$ chosen before $w = t_{13}$, then the "history"
would have been slightly different: S1 would have been EJECTed as
NEWBORN, the NEWBORN would not have been safe and these two EJECTs
would have been unproductive (i.e. they would have generated no new
reachable vectors).

The next outermost cycle (rows 3, 4, 5) contains one productive
EJECT (row 3), which produces S3, and two unproductive ones (rows
4, 5), in each of which NEWBORN S2 is not safe and is hence discarded.
In the next outermost cycle three first EJECTs (rows 6, 7, 8) are not
productive and the last EJECT (row 9) produces S4.

Note that DEVELOP can only initiate a successive outermost cycle
if OPEN is not empty. Otherwise DEVELOP terminates. This
non-emptiness must occur at the end of the previous outermost cycle.
Nevertheless OPEN might be empty by the end of intermediate EJECTs
(rows 6, 7, 8, 17, 18).
The last productive EJECT produces S12 (row 19), at which point
all attempts to EJECT a safe NEWBORN (i.e. to generate new reachable
vectors) are unproductive (rows 20, ..., 24). OPEN then remains empty at
the end of the current outermost cycle, and DEVELOP terminates.

Below we represent the reachability tree corresponding to Fig. 2.2
and Fig. 2.3.


S1 --> S2 --> S3 --> S4 --> S6 --> S7 --> S9 --> S10 --> S11 --> S12

I  I 


V  V 

S5  S8 


Proof of Lemma 2.1. Since $E_{n+1}(S) = E_n(E_1(S))$, by induction,
proof is only required for n = 1. This follows from the fact that all
possibilities of obtaining a vector reachable from an already reached
one by an express transition are exhausted by DEVELOP. □

Corollary 2.1. DEVELOP terminates if and only if the reachability
set is finite.

2.5. Remarks.

Observing that a finite reachability set can be exhausted by an
obvious "brute-force" expansion algorithm which follows directly from
the definition of a CVAS, one may wonder in view of Corollary 2.1 why
we suggest such a complicated scheme. We will show that with minor
changes the DEVELOP procedure can be adapted for the case of a
parametric CVAS, where the "brute-force" expansion fails.

The sets Si and the reachability forest built by DEVELOP may not
be unique, since DEVELOP may have several options available when
choosing a PARENT from OPEN, a vector w from CONTROL_POOL, a region
from REGION_POOL, a NEWBORN from NEWBORN'S_POOL, or a relative from
BASIC to be checked whether it should be eaten. However the union of
all the sets present in BASIC upon termination is unique and represents
the reachability set of the given CVAS.

The  example  of  CVAS  chosen  in  section  2.2  to  expose  the  work  of 
DEVELOP     corresponds      to      a     non-compact      program.  Such        a        choice 

demonstrates  mam  steps  of  DEVELOP  and  allows  us  to  draw  a  graph  on 
paper.  For  this  program,  the  larger  N  is  (N  represents  the  total 
number  of  PEs  in  the  parallel  computer)  the  more  steps  are  required  to 
exhaust  the  reachability  set.  For  compact  programs  whose  CVAS  is 
3-dimensional, as in this example, DEVELOP usually terminates in two or
three steps.

3. The procedure DEVELOP for restricted, conservative
and parametric CVAS.

Details  of  the  procedure  DEVELOP  left  unspecified  in  section  2 
were: 

(i)    a    method    for  representing    sets    of    vectors; 

(ii) a method for testing whether or not $B0 \subseteq B1 \cup B2 \cup \dots \cup Br$ for
given sets of vectors B0, B1, ..., Br;

(iii) a method for performing EJECT (w, S, $Q^s$, $Q^d$) for a given integer
vector w, a set of vectors S, and regions $Q^s$, $Q^d$.

In this section, a class of restricted and conservative CVAS is
specified, and then the notion of a parametric family of CVAS is
introduced. It is in such an environment that we then complete the
specification of DEVELOP.

3.1. Classes of sets in $\Pi_k$.

Consider an inequality

(3.1)  $a_1 n_1 + \dots + a_k n_k \ \text{SIGN}\ b$,

where the vector $(n_1, \dots, n_k) \in \Pi_k$, the $a_i$ and b are integer
coefficients. SIGN is either "≥" or "≤." This inequality is called:

definite, if all non-zero $a_i$ are of the same sign;

simple, if each $a_i$ may take only two values, 0 and 1;

atomic, if all $a_i$, but one, say $a_{i_0}$, are zeroes, and $a_{i_0} = 1$, i.e.
$a_i = \delta_{i, i_0}$.

An inequality (3.1) with a given set of coefficients
$\alpha \overset{Df}{=} (a_1, \dots, a_k, \text{SIGN}, b)$ defines a set $S_\alpha$ in $\Pi_k$. A finite set of
inequalities of the form (3.1) with sets of coefficients $\alpha_1, \alpha_2, \dots, \alpha_\ell$
is called a set description. Such a set description defines the set
$S = S_{\alpha_1} \cap S_{\alpha_2} \cap \dots \cap S_{\alpha_\ell}$. In the case when both inequalities
(≤ and ≥) present in a set description with the same left and
right-hand side, we will use "=" as a short-form representation of the
pair.

pair.        We     BE5  or-i  r  i-eq-JS-Zjiriss    -,.    ^   C  which   =ra   i:=rlicitlv   tr^e  ir.  a 


?    «  31-,    described  bv  =    -u:ib=r  cf   relit:-; 


aescrirrion 


.    "•c.rhour  lass   of    cetieraliry   it   c=-   be  assuned  thst 


anc  5-Jcr  a    aescrcrrccr   caei5:L5r5    or    =   runne: 


relarirns      '.5.1''      ir     ishirh      =11     "r 's      are   twcsirive,    =31   a.-    =   :    for  all 
i  «  J   . 


rurrr^r  o: 


C3.3)  s,    =  b^,    i  «   J^.. 


(3.4)  n.  >   b^',    j  «    l..^v. 


fnese  tt 's    beina   railed  urb:r".iei.      -era  l..^v     and      J^.-^     are      dis-'Dint 
subsets of {1,...k}; for each i there is at most one relation of the
form (3.3) or (3.4).


More about terminology. When calling a set definite (simple,
atomic) we assume that a corresponding description is effectively
supplied. The set S in $\Pi_k$ defined by the inequality n-r — 3ti2 _^ ^ may
also be defined by the two relations n- j^ 2 and n2 = '- and is therefore
simple (even, atomic). We will not, however, qualify S as simple until
the second presentation is produced. While it is more accurate to name
the description of a set definite (simple, atomic) rather than the set
itself, the terminology we have adopted makes our subsequent
formulations simpler.²

Observation 3.1. To obtain a description of the intersection
$C = A \cap B$ of two sets A and B in $\Pi_k$, each described by a set of
inequalities (3.1), one can append the description of one of the two
sets to the description of the other. The intersection of two definite
(simple, atomic) sets is itself a definite (simple, atomic) set.

We call the A-part (B-part) of such a description of $C = A \cap B$
those relations that correspond to A (B).

A.  connection  betveen  the   three    classes    of   sets    Introd'-jced   above  is 


^TVp  --g^£-  -.-  ,-?:"  'fng  a.-  object  by  the  name  of  Its  description  is 
common. Another example is a decimal number. Is 1 1 '= 1.5) a decimal
number?
S  =  S,  U. ..U  S  .    S   can  be   split   into   a   fixed  number  of  pairwi

■  sets  A  ,  S  =     U     A  ,  so   th 
°      0  «  {a}  ^ 

corresponds  a  J.  <<  {a}  such  that  S.  =    U   A_ 
^  ^   0  «  J,-  ^ 


disjoint  atomic  sets  A    S  =     U     A  ,  so   that   to   each  S.   there 
°      0  <<  {a}  °  ^ 


Proof. First, consider the case $m = 1$. We will assume that the description of the set $S = S_1$ is as in observation 3.1. Let $J$ be the set of those $i$'s whose corresponding $n_i$'s are referenced in the description (for $i \in J$ there exists a relation (3.1) in the description such that $a_i \ne 0$). Let $\mathrm{lim}_i = \max_{j \in U_i} [b^j / a_i^j] + 1$, where $a_i^j$ is the coefficient $a_i$ in j-th relation (3.1), $U_i$ is the set of those $j$ for which $a_i^j > 0$, and $[x]$ denotes the integer part of $x$. We split $J$ into two subsets $J_b$ and $J \setminus J_b$ (b stands for "bounded"), where $J_b$ is defined as the set of indices $i$ for which there exists j-th inequality


Let $R$ be a set in $\Pi_k$ described by the set of inequalities $n_i < \mathrm{lim}_i$ for $i \in J_b$. Then


(3.5) 


Consider the family $\{R_\sigma\}_\sigma$ of atomic sets in $\Pi_k$, where $\sigma = (s_{i_1}, \dots, s_{i_m})$, $m$ is the cardinality of $J$, and the $s_i$ ($i \in J$) are integer non-negative numbers, satisfying $s_i \le \mathrm{lim}_i$. For a given $\sigma$ the member of this family $R_\sigma$ is defined by $m$ relations:

(3.6a)   $n_i = s_i$, if (a) $i \in J_b$ or (b) $i \in J \setminus J_b$ and $s_i < \mathrm{lim}_i$;
(3.6b)   $n_i \ge s_i = \mathrm{lim}_i$ otherwise (i.e. if $i \in J \setminus J_b$ and $s_i = \mathrm{lim}_i$).

It  is  clear  that 


(3.7) 


Let $A_\sigma = S \cap R_\sigma$. Note that a description of the set $A_\sigma$ can be obtained by appending $m$ relations (3.6) to the description of $S$. The following reductions are applied to the S-part of the description of each $A_\sigma$:

1. For each $i$ corresponding to (3.6a) and for each j-th inequality such that $a_i^j \ge 1$, $b^j$ is replaced by $b^j - s_i \times a_i^j$ and $a_i^j$ is set equal to 0. (This corresponds to the substitution of the value of $n_i = s_i$ into the j-th inequality.) If the resulting inequality degenerates to a trivial inequality containing no $n_i$'s (i.e., of the form $a \le b$ for fixed numbers $a$ and $b$), then discard it, if it is true, or declare set $A_\sigma$ to be empty, if it is false.

2. For each $i$ corresponding to (3.6b) each j-th inequality with $a_i^j \ge 1$ is discarded. (This is because the inequality is of the form $\dots + a_i^j \times n_i + \dots \ge b^j$ and is weaker than $n_i \ge \mathrm{lim}_i$ since $\mathrm{lim}_i \times a_i^j > b^j$.)

As the result of these reductions either one discards the S-part, and the remaining part is the description of an atomic set, or one discovers $A_\sigma$ to be empty. Taking into account (3.5), (3.7) and the fact that the $R_\sigma$'s are disjoint for different $\sigma$ we conclude the lemma for $m = 1$.

Let $m > 1$. Using the result in case $m = 1$ we split each $S_i$ into a number of atomic sets. If the sets $S_i$ are pairwise disjoint this terminates our proof. Otherwise, the partitions of different $S_i$'s might disagree on the intersections $S_i \cap S_{i'}$. We next show that the granularity of the partition of each $S_i$ may be refined so that partitions of $S_i$'s will agree on all pairwise intersections. This will be proved if we can show that, for any two atomic sets $A$ and $B$, each of the sets $A \cap B$, $A \cap (\Pi_k \setminus B)$, and $B \cap (\Pi_k \setminus A)$ can be split into a number of disjoint atomic sets. Since the set $A \cap B$ is atomic itself, we only need consider the latter two cases.

It is easy to see that a set defined by the negation of the atomic relation (3.3) or (3.4) can be split into a finite number of sets each of which is defined by an atomic relation. Therefore, the sets $\Pi_k \setminus B$ and $\Pi_k \setminus A$ can be split into a finite number of atomic sets. Hence observation 3.2 gives the desired partitions for the last two cases. |_|

3.2.    Restricted    and   conservative    CVAS. 

We call a set $S \subseteq \Pi_k$ conservative with parameter $N$, or simply conservative, if any vector $(n_1, \dots, n_k) \in S$ satisfies the equation

(3.8)  $n_1 + \dots + n_k = N$.

The notation $\Lambda_N$ is reserved for the set of all vectors in $\Pi_k$ satisfying (3.8).

Recall that a region of a CVAS $\Psi = (\Pi_k, V^0, W, C)$ is a set $Q$ in $\Pi_k$ such that $C(v)$ is constant for any $v \in Q$. A transition vector $t_{ij} = (e_1, e_2, \dots)$ has coordinates $e_i = -1$, $e_j = 1$, $e_r = 0$ for $r \ne i, j$.

A k-dimensional CVAS $\Psi = (\Pi_k, V^0, W, C)$ is called restricted, if
$\Pi_k$ can be split into a fixed number of disjoint regions each of which is a simple set,

all elements of $W$ are transition vectors.

with parameter $N$ or simply conservative, if its reachability set $R(\Psi)$ is conservative with parameter $N$.

Observation 3.4. If a CVAS $\Psi = (\Pi_k, V^0, W, C)$ is restricted and $V^0$ is conservative with parameter $N$, then $\Psi$ is conservative with parameter $N$.

Note  that  the  value  of  N  is  the  number  of  PEs  in  the  program 
corresponding    to   the    given  CVAS. 

Observation  3.5.  The  reachability  set  of  a  restricted  and 
conservative  CVAS  is  finite  (and  therefore  DEVELOP  always  terminates 
for   a   restricted    CVAS,    cf.      Corollary    2.1). 

As  the  CVAS  we  will  consider  are  always  restricted  and 
conservative,  we  will  often  omit  the  adjectives  "restricted"  and 
"conservative. " 


3.3. Parametric sets.

Consider a family $\{S_N\}$ of conservative definite (simple, atomic) sets with parameter $N$ in $\Pi_k$. We call this family a parametric definite (simple, atomic) set (p.d., p.s., or p.a. set, respectively), if each $S_N$ can be described in the form

(3.9)  $S_N = S \cap \Lambda_N$,

where $S$ is a definite (simple, atomic) set taken to be the same for the entire family. In the following we may abbreviate "the same for the entire family" or "independent of N" by the word "fixed."

Note  about   terminology:    see  note  about   terminology  in  section   3.1. 

The (parametric) empty set is the family of sets (3.9) with $S$ taken to be the empty set.

Suppose one has three families $\{A_N\}$, $\{B_N\}$, $\{C_N\}$ of sets in $\Pi_k$ with parameter $N$. We call $\{C_N\}$ the intersection of $\{A_N\}$ and $\{B_N\}$, if there exists $N_0$ such that $C_N = A_N \cap B_N$ for all $N \ge N_0$.

Thus, if $A_N = \{n_1 \le 1,\ n_1 + n_2 = N\}$, $B_N = \{n_2 \ge 2,\ n_1 + n_2 = N\}$, then the intersection $A_N \cap B_N$ can be defined as $\{n_1 \le 1,\ n_2 \ge 2,\ n_1 + n_2 = N\}$. Here all sets are considered in $\Pi_2$.

Observation 3.6. To obtain a description of the intersection of two p.d. (p.s., p.a.) sets each described in the form (3.9), one can append the S-part of the description of one of the two sets to the S-part of the description of the other, and then append the $\Lambda_N$-part, i.e. equation (3.8). Intersection of two p.d. (p.s., p.a.) sets is a p.d. (p.s., p.a.) set.

Observation 3.7. If $\{A_N\}$ is a p.a. set, then there exists $N_0$ such that either for all $N \ge N_0$ sets $A_N$ are empty or for all $N \ge N_0$ sets $A_N$ are non-empty.

A value $N_0$ satisfying the property stated above is called a representative value (r.v.) of $N$.

Lemma 3.2. Let $\{B0_N\}$, $\{B1_N\}$, ..., $\{Br_N\}$ be p.d. sets in the same space $\Pi_k$. There exists $N_0$ such that either for all $N \ge N_0$

(3.10)  $B0_N \subseteq B1_N \cup \dots \cup Br_N$

or for all $N \ge N_0$ (3.10) is false.

A value $N_0$ satisfying the stated property is called a representative value (r.v.) of $N$ for the relation (3.10) or its negation, respectively.

Proof. Let $Bi_N = S_i \cap \Lambda_N$, $i = 0, \dots, r$, where $S_i$'s are fixed definite sets. As in lemma 3.1 we partition the set $S_0 \cup S_1 \cup \dots \cup S_r$

its own set of sets $A_\sigma$. Note that for each $\sigma \in \{\sigma\}$ a family of sets $\{A_{\sigma,N}\}_N$, where $A_{\sigma,N} \overset{\mathrm{Df}}{=} A_\sigma \cap \Lambda_N$, is a p.a. set. We then take as $N_0$ the maximum over all $\sigma$'s of the representative values of $N$ for p.a. sets $\{A_{\sigma,N}\}_N$, and we discard all those $\{A_{\sigma,N}\}_N$ for which the set $A_\sigma \cap \Lambda_N$ is empty when $N \ge N_0$. Now to each of the p.d. sets $\{B0_N\}$, ..., $\{Br_N\}$ there corresponds a $J_i \subseteq \{\sigma\}$ so that for any $N \ge N_0$ the union of all $A_{\sigma,N}$ over all $\sigma \in J_i$ is $Bi_N$. It is easy to see that for any $N \ge N_0$ (3.10) is equivalent to


(3.11)


which is a fixed (independent of $N$) relation. |_|

In the following two definitions all parametric sets are taken from the same space $\Pi_k$.

A p.d. (p.s., p.a.) set $\{B0_N\}$ is said to be included in the union of the p.d. (p.s., p.a.) sets $\{B1_N\}$, ..., $\{Br_N\}$, if there exists $N_0$ such that (3.10) is true for all $N \ge N_0$.

A p.d. (p.s., p.a.) set $\{A_N\}$ is said to be equal to the p.d. (p.s., p.a.) set $\{B_N\}$, if $\{A_N\}$ is included in $\{B_N\}$ and $\{B_N\}$ is included in $\{A_N\}$.

This relation of equality between parametric sets is an equivalence. We will not distinguish parametric sets if they are members of the same equivalence class and will understand all relations between parametric sets "modulo" equivalence class. For example we revise our previous definition of the parametric empty set as follows:

A p.d. (p.s., p.a.) set $\{S_N\}$ is called empty, if there exists an $N_0$ such that all $S_N$ for $N \ge N_0$ are empty and is called non-empty otherwise.

Example. Let $S_N \subseteq \Pi_2$, $S_N = \{n_1 + n_2 = N,\ n_1 \le 1,\ n_2 \le 2\}$. Then the p.s. set $\{S_N\}$ is empty. Note, however, that sets $S_1$, $S_2$, $S_3$ are not empty.
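The example above, checked by enumeration for fixed N (an added illustration, not code from the paper): it lists the members of S_N for small N, shows the emptiness pattern settling from N = 4 on, and contrasts it with the set {n_1 + n_2 = N, n_1 - n_2 = 0}, which the paper uses in section 3.8 as a set whose emptiness never settles. The relation encoding, the function names and the scan bound are assumptions of this sketch; a scan over a finite range is an observation, not a proof of a representative value.

```python
from itertools import product
import operator

OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq}

# Constructed encodings: each relation is (coefficients, sign, constant).
# S-part of the page's example: n1 <= 1, n2 <= 2.
PAGE_EXAMPLE = [((1, 0), "<=", 1), ((0, 1), "<=", 2)]
# S-part of the indefinite set from the SPLIT section: n1 - n2 = 0.
PARITY_SET = [((1, -1), "==", 0)]


def members(relations, k, n_total):
    """Vectors of Lambda_N (non-negative integers summing to N) that satisfy the S-part."""
    return [
        v
        for v in product(range(n_total + 1), repeat=k)
        if sum(v) == n_total
        and all(
            OPS[sign](sum(c * x for c, x in zip(coef, v)), const)
            for coef, sign, const in relations
        )
    ]


def emptiness_profile(relations, k, n_max):
    """profile[N] is True when S_N = S intersected with Lambda_N is empty."""
    return [not members(relations, k, n) for n in range(n_max + 1)]


def observed_rv(profile, margin=5):
    """Smallest N0 from which the profile is constant up to the end of the scan.

    Returns None when that constant tail is shorter than `margin` values,
    i.e. when the scan shows no sign of settling.
    """
    n0 = len(profile) - 1
    while n0 > 0 and profile[n0 - 1] == profile[-1]:
        n0 -= 1
    return n0 if len(profile) - n0 >= margin else None


if __name__ == "__main__":
    for name, rel in (("page example", PAGE_EXAMPLE), ("n1 - n2 = 0", PARITY_SET)):
        prof = emptiness_profile(rel, 2, 12)
        print(name, ["E" if e else "." for e in prof], "N0 =", observed_rv(prof))
```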
3.4. Semantics of the procedure DEVELOP as applied to a parametric CVAS.

Consider a family of restricted and conservative CVAS's with parameter $N$, $\Psi_N = (\Pi_k, V^0_N, W, C)$, all of whose $\Pi_k$, $W$, $C$ are fixed (and hence all of whose regions are fixed), and whose initial sets $V^0_N$ can be split into a fixed number $m$ of simple subsets, $V^0_N = S1_N \cup \dots \cup Sm_N$, so that each family $\{Si_N\}$, $i = 1, 2, \dots, m$, is a p.s. set. We call such a family a parametric CVAS.

A parametric CVAS is introduced here as a family of fixed CVAS's with parameter $N$. However, it is more advantageous to think of a parametric CVAS as a single CVAS, whose description includes the symbol $N$ together with integer numbers. The symbol $N$ may be thought of representing a "very large" integer. We will often omit brackets when referring to a parametric set and write $S_N$ instead of $\{S_N\}$.

In accordance with such a view, the procedure DEVELOP may be thought of as applying to a parametric CVAS. If we wish to distinguish such a version of DEVELOP from the one defined previously, we will call it a parametric DEVELOP. In contrast, the DEVELOP defined previously will be called a fixed DEVELOP in cases when ambiguity may result.

Let us explain the difference between these two versions of DEVELOP. After having met the complete definition of EJECT which follows in section 3.10 we will see that a fixed DEVELOP produces new simple sets from the existing ones. In the same way, a parametric DEVELOP produces new p.s. sets from the existing ones. A fixed



DEVELOP terminates for a finite reachability set. A parametric DEVELOP will not necessarily terminate even if the reachability set is finite for each particular value of the parameter $N$.

If a parametric DEVELOP terminates, then it will justify itself upon termination in the following way. Only a finite number of nodes of the reachability forest, each representing a p.s. set, will have been produced. According to lemma 3.1 we can split the union of all these p.s. sets into a fixed number of p.a. sets. Each of these p.a. sets has its own r.v. of $N$. We then take as $N_0$ the maximum of all these representative values. The parametric DEVELOP coincides with the fixed DEVELOP for any fixed $N \ge N_0$. In particular, p.s. sets $\{Si_N\}$ created as nodes of the reachability forest represent fixed nodes $Si_N$, and upon termination the list BASIC of p.s. sets represents the list BASIC of the corresponding fixed sets for each $N \ge N_0$.

However,  if  parametric  DEVELOP  does  not  terminate,  then  it  is  more 
difficult  to  assign  a  meaning  to  those  symbolic  set  descriptions  that 
appear  dynamically  during  its  execution.  We  will  make  this  assignment 
in  lemma  3.8. 

3.5.    Function   SHADOW. 

Suppose that in the k-dimensional real space $\{x\} = E_k$ there are a vector $a^0$ and a polyhedron $S$ defined as the intersection of $\ell$ half-spaces

(3.12)  $\langle a^j, x \rangle$ SIGN $b^j$,

where $j = 1, \dots, \ell$, $a^j = (a^j_1, \dots, a^j_k) \in E_k$ are given vectors, $x = (x_1, \dots, x_k) \in E_k$ are arbitrary vectors, $b^j$ are given scalars, $\langle a^j, x \rangle$ denotes the scalar product of $a^j$ and $x$, and SIGN is either "$\ge$" or "$\le$." Without loss of generality we assume that $\langle a^j, a^0 \rangle$ can only take values 0, 1, and -1 and SIGN is "$\ge$." We call an inequality (3.12) balanced (protected, unprotected), if $\langle a^j, a^0 \rangle$ is equal to 0 (1, -1).

We define SHADOW of the set $S$ in the direction $a^0$ as the following set

SHADOW$(S, a^0) = \bigcup_{\lambda \ge 0,\ \lambda \text{ real}} (S + \lambda a^0)$.

The procedure of computing SHADOW given in the following lemma was suggested by Robert Thau [4] (whose formulation is somewhat different).

Lemma 3.3. The set SHADOW$(S, a^0)$ for a real vector $a^0$ and a set $S$ defined by $\ell_b$ balanced, $\ell_p$ protected, and $\ell_u$ unprotected inequalities (3.12) is the polyhedron defined by the following $\ell^* \overset{\mathrm{Df}}{=} \ell_b + \ell_p + (\ell_p \times \ell_u)$ inequalities:

the same $\ell_b$ balanced and $\ell_p$ protected inequalities (3.12) used in the description of the set $S$;

the $\ell_p \times \ell_u$ inequalities obtained by adding each of the $\ell_p$ protected inequalities (3.12) to each of the $\ell_u$ unprotected inequalities (3.12) used in the description of the set $S$.


Various      algorithms      for  computing      shadows    (in  E^)    are   developed  for 

image processing. In such applications usually a convex set $S$ is defined by its extremal points, not by inequalities as in the considered case.
Note. Some or all of the numbers $\ell_b$, $\ell_p$, $\ell_u$ may be zero.

Example. Let the set $S$ be the triangle ABC, defined by inequalities (3.12) for $j = 1, 2, 3$ (see Fig. 3.1). Here, the first inequality is balanced ($a^1$ is orthogonal to $a^0$), the second is protected ($a^2$ forms an acute angle with $a^0$), and the third is unprotected ($a^3$ forms an obtuse angle with $a^0$). The set SHADOW$(S, a^0)$ is defined by the following $\ell_b + \ell_p + \ell_p \times \ell_u = 3$ inequalities: the first and second inequalities (3.12) for the set $S$ and, instead of the unprotected third inequality (3.12), the inequality $\langle a^*, x \rangle \ge b^*$, where $a^* = a^2 + a^3$ and $b^* = b^2 + b^3$.

Proof of lemma 3.3. Let $S'$ be the set in $E_k$ described by the $\ell^*$ inequalities introduced in the formulation of the lemma. It is easy to see that $S' \supseteq$ SHADOW$(S, a^0)$. We seek to prove that

$S' \subseteq$ SHADOW$(S, a^0)$.

Let $x_1 \in S'$. If $x_1 \in S$, then we have nothing to prove because $S \subseteq$ SHADOW$(S, a^0)$. So we can assume that some of the unprotected inequalities (3.12) are false for $x = x_1$. Let $J_1$ be the set of indices of those false unprotected inequalities. (By the definition of $x_1$, both balanced and protected inequalities must hold for $x = x_1$.) For each j-th unprotected inequality (3.12), if $j \in J_1$, then there exists the minimal $\lambda_j \ge 0$ such that j-th inequality (3.12) holds for $x = x_1 - \lambda_j \times a^0$. Note that the value $\lambda_j$ may be computed as


Fig.  3.1.  SHADOW  of  a  triangle  in  the  plane. 
Let $\lambda^*$ be the maximum of all these $\lambda_j$, $j \in J_1$, and let $j^* \in J_1$ be the number of the inequality (3.12) that supplies this maximum, i.e.


All unprotected and balanced inequalities hold for $x = x_2$. Now let us choose any protected inequality (3.12), let it be j'-th inequality. We prove that j'-th inequality also holds for $x = x_2$.

The following inequality is among those defining $S'$:

(3.13)  $\langle a^{j'} + a^{j^*}, x \rangle \ge b^{j'} + b^{j^*}$.

Since (3.13) holds for $x = x_1$, we have

$\langle a^{j'}, x_1 \rangle \ge b^{j'} + (b^{j^*} - \langle a^{j^*}, x_1 \rangle) = b^{j'} + \lambda^* = b^{j'} + \lambda^* \times \langle a^{j'}, a^0 \rangle$.

Therefore $\langle a^{j'}, x_1 - (\lambda^* \times a^0) \rangle \ge b^{j'}$. In other words, $x = x_2 = x_1 - \lambda^* \times a^0$ satisfies the chosen j'-th protected inequality (3.12).

Consequently we have $x_2 \in S$, and therefore $x_1 = x_2 + (\lambda^* \times a^0) \in$ SHADOW$(S, a^0)$, by the definition of SHADOW. |_|

3.6.    Function  IP-SHADOW. 

Let $S$ be a subset in $\Pi_k$ and $a^0$ be a vector with integer coefficients. IP-SHADOW (Integer and Positive) of the set $S$ in the direction $a^0$ is the set

IP-SHADOW$(S, a^0) = \left( \bigcup_{\lambda \ge 0,\ \lambda \text{ integer}} (S + \lambda a^0) \right) \cap \Pi_k$.

In other words, a vector $h$ from $\Pi_k$ lies in IP-SHADOW$(S, a^0)$ if there exists a non-negative integer $\lambda$ and a vector $s$ from $S$ such that $h = s + \lambda a^0$.

Observation 3.8. The convex hull CONV$(S)$ in $E_k$ of a simple set $S \subseteq \Pi_k$ is described by the same inequalities (3.1) used in the description of $S$ augmented by the $k$ inequalities $n_i \ge 0$, $i = 1, \dots, k$.

Lemma 3.4. Let $S$ be a simple set in $\Pi_k$ whose description is

vector.

The procedure SHADOW of lemma 3.3 may be applied to set CONV$(S)$, and one has

(3.14)  IP-SHADOW$(S, a^0)$ = SHADOW$(\mathrm{CONV}(S), a^0) \cap \Pi_k$.

SHADOW$(\mathrm{CONV}(S), a^0)$ by appending to the latter $k$ inequalities $n_i \ge 0$, $i = 1, \dots, k$. The inequalities (3.12) of the description of IP-SHADOW$(S, a^0)$ contain only integer coefficients.

In the parametric case all the assertions remain valid if one replaces $S$ by $S_N$.

Proof. Since $S$ is simple and $a^0$ is a transition vector, $\langle a^j, a^0 \rangle$ may take only the three values 0, 1, -1 for $j = 1, \dots, \ell$. Hence the procedure of lemma 3.3 can be applied to obtain SHADOW$(\mathrm{CONV}(S), a^0)$. Since the constants $b^j$, $j = 1, \dots, \ell$, are integers and all vectors $a^j$, $j = 0, 1, \dots, \ell$, have only integer coefficients, the description of SHADOW$(\mathrm{CONV}(S), a^0)$ contains only integer coefficients. If vector $x_1$ in the proof of lemma 3.3 is integer, then the constant $\lambda^*$ and the vector $x_2$ are also integer. Therefore (3.14) holds.

In the parametric case, $S_N = S \cap \Lambda_N$. Equation (3.8), which defines $\Lambda_N$, is balanced. Each protected and each unprotected inequality in the description of $S_N$ does not depend on $N$. Hence the

these combinations which constitute inequalities in the description of SHADOW$(\mathrm{CONV}(S_N), a^0)$ which are not in the description of CONV$(S_N)$. |_|
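Lemma 3.3 and identity (3.14) of lemma 3.4 as an added example (not the paper's own program): `shadow` keeps the balanced and protected inequalities and adds one sum per protected/unprotected pair, and the result, restricted to the lattice, is compared with IP-SHADOW enumerated from its definition for a fixed N. The encoding of an inequality as `(a, b)` meaning <a, x> >= b, the function names and both sample sets are constructed for this illustration; the second sample yields the indefinite inequality n_3 - n_4 >= 1, the kind of inequality section 3.8 deals with.

```python
from itertools import product


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def shadow(ineqs, a0):
    """Lemma 3.3: description of SHADOW(S, a0) from a description of S.

    Each inequality is (a, b), read as <a, x> >= b.
    """
    balanced, protected, unprotected = [], [], []
    bucket = {0: balanced, 1: protected, -1: unprotected}
    for a, b in ineqs:
        c = dot(a, a0)
        if c not in bucket:
            raise ValueError("lemma 3.3 needs <a^j, a^0> in {0, 1, -1}")
        bucket[c].append((a, b))
    # One new inequality per (protected, unprotected) pair: add them side by side.
    combined = [
        (tuple(p + u for p, u in zip(ap, au)), bp + bu)
        for ap, bp in protected
        for au, bu in unprotected
    ]
    return balanced + protected + combined


def conv_description(s_part, k, n_total):
    """S-part, the k inequalities n_i >= 0 (observation 3.8), and equation (3.8)
    written as two opposite inequalities."""
    units = [tuple(int(i == j) for j in range(k)) for i in range(k)]
    return (list(s_part) + [(e, 0) for e in units]
            + [((1,) * k, n_total), ((-1,) * k, -n_total)])


def lattice(k, n_total):
    """All non-negative integer vectors with n_1 + ... + n_k = N."""
    return [v for v in product(range(n_total + 1), repeat=k) if sum(v) == n_total]


def holds(ineqs, x):
    return all(dot(a, x) >= b for a, b in ineqs)


def ip_shadow_by_lemma(s_part, a0, k, n_total):
    """Right-hand side of (3.14), restricted to the lattice points."""
    desc = shadow(conv_description(s_part, k, n_total), a0)
    return {h for h in lattice(k, n_total) if holds(desc, h)}


def ip_shadow_by_definition(s_part, a0, k, n_total):
    """h = s + lambda * a0 with s in S, lambda a non-negative integer, h >= 0."""
    out = set()
    for s in lattice(k, n_total):
        if holds(s_part, s):
            for lam in range(n_total + 1):  # the source coordinate is at most N
                h = tuple(si + lam * ai for si, ai in zip(s, a0))
                if min(h) >= 0:
                    out.add(h)
    return out


def indefinite(ineqs):
    """Inequalities whose coefficients have both signs (violation V-2)."""
    return [(a, b) for a, b in ineqs if min(a) < 0 < max(a)]


# Constructed sample 1: n1 >= 2, n2 <= 1, moving one unit from coordinate 1 to 2.
SAMPLE_1 = dict(s_part=[((1, 0, 0), 2), ((0, -1, 0), -1)],
                a0=(-1, 1, 0), k=3, n_total=6)
# Constructed sample 2: n2 + n3 >= 3 (protected), n2 + n4 <= 2 (unprotected).
SAMPLE_2 = dict(s_part=[((0, 1, 1, 0), 3), ((0, -1, 0, -1), -2)],
                a0=(-1, 1, 0, 0), k=4, n_total=6)


def sample_2_description():
    return shadow(conv_description(SAMPLE_2["s_part"], 4, 6), SAMPLE_2["a0"])


if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(ip_shadow_by_lemma(**sample) == ip_shadow_by_definition(**sample))
    print("indefinite:", indefinite(sample_2_description()))
```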

3.8.    Operation  SPLIT. 


the set $S$ is simple. Two kinds of violations of the definition of a simple set (see section 3.1) are possible:

(V-1) the absolute value of some $a_i$ is greater than 1;

(V-2) $a_{i_1} \times a_{i_2} < 0$ for some $i_1$ and $i_2$.

Since all sets have only fixed numbers of elements the possibility of splitting IP-SHADOW$(S, a^0)$ into a fixed number of simple sets always exists. This solves the problem for the fixed DEVELOP.

Similarly, in the parametric case IP-SHADOW$(S_N, a^0)$ might define a non-p.s. set, even though the set $S_N$ is a p.s. set. However, the possibility to split a parametric set IP-SHADOW$(S_N, a^0)$ into a fixed number of p.s. sets is not evident in this case.
In this section we develop an operation SPLIT that, for a given p.s. set $S_N$ and a given parametric set $SH_N \overset{\mathrm{Df}}{=}$ IP-SHADOW$(S_N, a^0)$, produces a fixed number $r$ of p.s. sets $SH_{1,N}, SH_{2,N}, \dots, SH_{r,N}$ with the property that $SH_N = SH_{1,N} \cup SH_{2,N} \cup \dots \cup SH_{r,N}$. This operation provides a method of splitting in the fixed case as well.

If no violation (V-2) takes place in the description of the parametric set $SH_N$, then $SH_N$ is a p.d. set of the form $SH_N = S \cap \Lambda_N$, and applying the procedure of lemma 3.1 to the S-part of $SH_N$ solves the problem of splitting $SH_N$ into a number of p.s. sets.

An  inequality  (3.1)  which  is  not  definite  is  called  indefinite.  A 
(parametric)  set  whose  description  includes  indefinite  relations  (3.1) 
is   called  an  indefinite   set. 

It  may  be  that  an  indefinite  set  can  not  be  split  into  a  fixed 
number  of  p.s.  sets.  We  will  show  that  the  sets  resulting  from  the 
procedure  of    lemma    3.4  permit  such  a   splitting. 

^ Example: the set $S_N = \{(n_1, n_2) \mid n_1 + n_2 = N,\ n_1 - n_2 = 0\}$ is empty/nonempty for odd/even $N \ge 0$. Were it possible to split $S_N$ into a number of p.s. sets, $S_N$ would have been either empty for all sufficiently large $N$ or nonempty for all sufficiently large $N$.

Consider an indefinite inequality

(3.15)  $\Sigma_1 - \Sigma_2$ SIGN $b$

in a description of a parametric set $S_N$, $S_N \subseteq \Pi_k$. Here $\Sigma_1$ and $\Sigma_2$ are linear combinations with positive integer coefficients of two disjoint sets of the variables $n_i$, SIGN is either "$\ge$" or "$\le$," and $b$ is an integer constant. This inequality is called covered in this description if there exists in the description an inequality of at least one of the following two forms

(3.16a)  $\Sigma_1 + \Sigma' \le b'$

(3.16b)  $\Sigma_2 + \Sigma'' \le b''$

Here, $\Sigma'$ and $\Sigma''$ are linear combinations with positive integer coefficients of sets of the $n_i$, the sets being disjoint in the pairs $(\Sigma', \Sigma_1)$ and $(\Sigma'', \Sigma_2)$, respectively, and $b'$ and $b''$ are integers.

Lemma 3.5. If $S_N$ is a p.s. set then all indefinite inequalities (if any) in the description of the set IP-SHADOW$(S_N, a^0)$ are covered.

Proof. Only those inequalities in IP-SHADOW$(S_N, a^0)$ that are among

(3.12) to unprotected inequalities (3.12) may be indefinite, $S_N$ being definite.

To simplify the notations, let 1 label the source coordinate and let 2 label the destination coordinate of $a^0$. Thus $a^0 = (-1, 1, 0, \dots, 0)$. Similarly let 1 label the protected inequality (3.12) and let 2 label the unprotected inequality (3.12) under consideration. Since $\langle a^1, a^0 \rangle = 1$, $\langle a^2, a^0 \rangle = -1$, and the set $S_N$ is p.s., only the following four combinations are possible:

(C1) $a^1 = (0, 1, \dots)$, $a^2 = (1, 0, \dots)$;

(C2) $a^1 = (-1, 0, \dots)$, $a^2 = (0, -1, \dots)$;

(C3) $a^1 = (0, 1, \dots)$, $a^2 = (0, -1, \dots)$;

(C4) $a^1 = (-1, 0, \dots)$, $a^2 = (1, 0, \dots)$.

Here "..." represents unspecified components of $a^1$ or $a^2$.

Combinations (C1) and (C2) generate definite inequalities, and we need only consider combinations (C3) and (C4). In case (C3), we may rewrite the two inequalities that generate the indefinite inequality in the form:

(3.17a)  $n_2 + \Sigma_{12} + \Sigma_1 \ge b^1$ (protected),

(3.17b)  $n_2 + \Sigma_{12} + \Sigma_2 \le b^2$ (unprotected),

where $\Sigma_1$, $\Sigma_2$, $\Sigma_{12}$ are sums of pairwise disjoint sets of the $n_i$ excluding $n_1$ and $n_2$ (some of these sums may contain no terms). The resulting inequality in SHADOW$(S_N, a^0)$ is

(3.18)  $\Sigma_1 - \Sigma_2 \ge b^1 - b^2$.

If $\Sigma_1 = 0$, we have nothing to prove. Let $\Sigma_1 \ne 0$. The description of CONV$(S_N)$ must contain the protected inequality $n_2 \ge 0$. The combination of this latter inequality with the unprotected inequality (3.17b) generates an inequality of the form $\Sigma_{12} + \Sigma_2 \le b^2$ in the description of SHADOW. Therefore the inequality (3.18) is covered.

In case (C4) the two inequalities that generate an indefinite inequality may be rewritten in the form

(3.19a)  $n_1 + \Sigma_{12} + \Sigma_1 \le b^1$ (protected),

(3.19b)  $n_1 + \Sigma_{12} + \Sigma_2 \ge b^2$ (unprotected),

where as before $\Sigma_1$, $\Sigma_2$, and $\Sigma_{12}$ are sums of pairwise disjoint sets of the variables $n_i$ excluding $n_1$ and $n_2$ (some of these sums may contain no terms). The resulting inequality in SHADOW is

(3.20)  $\Sigma_1 - \Sigma_2 \le b^1 - b^2$.

If $\Sigma_1 = 0$, we have nothing to prove. Let $\Sigma_1 \ne 0$. The description of SHADOW contains inequality (3.19a). Therefore inequality (3.20) is covered. |_|

Lemma 3.6. The set $SH_N$ obtained in lemma 3.4 can be split into a fixed number of p.s. sets.

Proof. We only consider the case of an indefinite set $SH_N$. $SH_N = S \cap \Lambda_N$, and each indefinite inequality in the S-part of the description is covered (lemma 3.5). We note that a predicate consisting of an indefinite inequality (3.15) and, say, inequality (3.16a) may be rewritten as the alternation $p_0$ OR $p_1$ OR ... OR $p_{b'}$ of the predicates $p_m = \{-\Sigma_2 \text{ SIGN } b - m\}\ \&\ \{\Sigma_1 = m\}\ \&\ \{\Sigma' \le b' - m\}$, where $m = 0, 1, \dots, b'$. We can eliminate all covered indefinite inequalities (3.20) in the description of $S$ using this method. |_|

From now on we will assume that the function IP-SHADOW being applied to a p.s. set is always followed by the operation SPLIT, and we will not explicitly mention SPLIT. (In our programmed implementation of DEVELOP the function IP-SHADOW invokes SPLIT during its computations.) According to this new definition of IP-SHADOW, its application may return not a single description of the set $SH_N \overset{\mathrm{Df}}{=}$ IP-SHADOW$(S_N, a^0)$ but a set of descriptions of p.s. sets whose union is $SH_N$.


3.9.  Function  ENLARGED. 

Let $Q$ be a simple region in $\Pi_k$, defined by a number of inequalities (3.1), with SIGNs being either "$\ge$" or "$\le$," the $a_i$ being either 0 or 1, and the $b$'s being integers. The set ENLARGED$(Q)$ in $\Pi_k$ is defined by the "loosen by 1" inequalities (3.1) generated by replacing each $b$ by either $b + 1$, if SIGN is "$\le$," or $b - 1$, if SIGN is "$\ge$."

3.10. Function EJECT.

As a candidate for EJECT$(w, S_N, Q^s, Q^d)$ when $w \in C(Q^s)$ consider the expression

K    (w,    S^,    q^,    Q*^)    ==  IP-SHADOW    (S^,    w)  f2    Q^  fi    ENLARGED  (Q^). 

When $w \notin C(Q^s)$ we assume $K(w, S_N, Q^s, Q^d)$ to be empty in case $Q^s \ne Q^d$ and $K(w, S_N, Q^s, Q^d) \overset{\mathrm{Df}}{=} S_N$, otherwise.


[Figure: for each of the cases (a), (b), (c), the points of S and the points of the resulting EJECT.]

Fig. 3.2. Three cases of EJECTing
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Since  IP-SHADOW  may  return  a  set  of  p.s.  sets,  K  may  do  this  as 
well.  On  the  other  hand,  we  may  extend  the  applicability  of  both 
IP-SHADOW  and  K  to  a  pararaetrical  set  Sj^  represented  as  the  union  of 
p.s.    sets  S.^j^:  S^  =   Z^^^   U...US^^jj,  Clearly  K   (S^)    = 

=  K  (S^  ^)  U...U  K  (S^  ^)  for  such  an  Sj^.  Using  this  extension  we  can 
recursively  apply  K  to  a  p.s.  set.  Such  recursive  application  returns 
a   set    of  descriptions    of   p.s.    sets    whose   union   is   the   resulting   set. 

K  gives  the  correct  answer  for  cases  (a)  and  (b)  but  not  for  case 
(c)  in  Fig.  3.2,  in  which  one  should  apply  K  recursively  twice  as  in 
the   following  *  ^ 

Lemma 3.7. Let $S_N$ be a p.s. set in $\Pi_N$, $Q^s$ and $Q^d$ be two
(not necessarily different) regions of a CVAS $\Psi_N$,
$S_N \subseteq Q^s$, $w \in C(Q^s)$. Then

(3.21)  EJECT$(w, S_N, Q^s, Q^d) = K(w, K(w, S_N, Q^s, Q^d), Q^d)$.

Proof follows directly from the definitions. □

3.11. Operation EMPTY-REDUCE.

Practical considerations compel one to reduce set descriptions to
possibly minimal forms and to discard descriptions of empty
parametrical sets at early stages. The following operation
EMPTY-REDUCE implements such a reduction using lemmas 3.1 and 3.2 and
the algorithms described in their proofs.

The input to EMPTY-REDUCE is a description (3.9) of a p.d. set $S_N$
comprising the parametrical relation (3.8) that describes the
$A_N$-part and a number of fixed relations (3.1) that describe the
S-part.

EMPTY-REDUCE generates as output an indication of whether or not the
p.d. set $S_N$ is empty. If $S_N$ is not empty, a description of the
S-part with a minimal number of relations (3.1) is also produced.

The test $S_N \subseteq$ {an empty set} is used to produce the
indication of the emptiness of $S_N$. Minimization of the description
of the S-part is implemented as follows. Each relation (3.1) in the
description of $S$ is tested for redundancy. To do this, the set
$S'_N \stackrel{\mathrm{Df}}{=} S' \cap A_N$ is formed by eliminating
the tested relation from the description of the set $S$. If
$S'_N \subseteq S_N$, then the chosen relation is redundant and is
eliminated. Note that a minimal description of $S_N$ thus obtained may
be not unique.

From now on we will assume that the function IP-SHADOW being applied
to a p.s. set is always followed by the operation EMPTY-REDUCE, and we
will not explicitly mention EMPTY-REDUCE. (In our programmed
implementation of DEVELOP the function IP-SHADOW invokes EMPTY-REDUCE
during its computations.) It is assumed that we discard the resulting
descriptions of the empty p.s. sets and replace the non-minimal
descriptions of the resulting non-empty p.s. sets by the minimal
descriptions suggested by the EMPTY-REDUCE.

3.12. Exhaustion lemma.

We now wish to establish in the parametric case the result
corresponding to lemma 2.1 in the fixed case. Note that lemma 2.1 may
also be called the exhaustion lemma, since it states that a fixed
DEVELOP eventually exhausts the set $E_n(V_N^0)$ for any $n$. This
fact does not however imply a priori that a parametric DEVELOP
eventually exhausts the set $E_n(V_N^0)$ for all $N$. (For example
this would not be the case if the number of steps required by the
fixed DEVELOP to exhaust $E_n(V_N^0)$ increases with $N$.)

Lemma 3.8. For any given value of $n$, after a finite, fixed number of
steps the union of all parametric BASIC sets exhausts $E_n(V_N^0)$. In
particular, DEVELOP terminates, if there exist $n$ and $N_0$ such that

$R(\Psi_N) = E_n(V_N^0)$ for all $N > N_0$.

Proof is that of lemma 2.1 if one additionally mentions that the
number of EJECTed NEWBORN sets for each application of EJECT does not
depend on $N$. □

4. Compactness and termination of the parametric DEVELOP.

In view of the exhaustion lemma we have to find the conditions under
which $E_n(V_N^0)$ exhausts $R(\Psi_N)$ for a fixed $n$.

If DEVELOP terminates, then $E_n(V_N^0) = R(\Psi_N)$ for some $n$. In
this case the corresponding program is compact with respect to the
initial set $V_N^0$, i.e. any reachable state $s$ may be reached from
an initial state within a finite amount of time not depending on $N$.

Theorem 4.1 below states the opposite inference, provided that the
program is normal. Recall from [3] that if a program is normal then
there is a restricted and conservative parametric CVAS corresponding
to it. In this correspondence, a state of the program in Bose
semantics corresponds to a vector $s \in \Pi_N$,
$s = (n_1, \ldots, n_k)$, where $k$ is the number of the statements in
the program, and $n_i$ is the number of PEs at statement Pi of the
program.

4.1. The "stones, boxes and a gate" scheme.

Two boxes, box I and box II, contain $n_I$ and $n_{II}$ stones
respectively. Stones may move from I into II and from II into I. One
stone moves at a time. No one stone can move more than once. Clearly,
any sequence $\sigma$ of moves satisfying these properties is finite.
Let $m$ be the length of such a $\sigma$ and $p_i$ be the number of
stones in I after the $i$-th move, $i = 1, \ldots, m$;
$p_0 \stackrel{\mathrm{Df}}{=} n_I$. Let $r$ be a fixed natural
number. The gate is called closed at instance $i$,
$i = 0, 1, \ldots, m$, if $p_i \geq r$. Otherwise the gate is called
open at instance $i$.

Let $\ell$ be the number of times that the gate changes its status
(from "open" to "closed" or from "closed" to "open"). Then
$\ell = \ell(n_I, n_{II}, \sigma)$.

Lemma 4.1. $\max_{n_I, n_{II}, \sigma} \ell(n_I, n_{II}, \sigma) = 2r$.

In particular, $\ell$ is bounded above independently of the number of
stones. A possible set $\{n_I, n_{II}, \sigma\}$ that supplies this
maximum is:
there are $2r$ stones in total, numbered from 1 to $2r$;
all stones with odd numbers are placed initially into I, $n_I = r$;
all stones with even numbers are placed initially into II,
$n_{II} = r$;
$\sigma = \{move_1, \ldots, move_{2r}\}$, where $move_i$ is the move
of stone $i$ from I into II for an odd $i$, or from II into I for an
even $i$, $i = 1, \ldots, 2r$.

Proof. Since $\ell(n_I, n_{II}, \sigma) = 2r$ for the set above, we
only need to prove that $\ell(n_I, n_{II}, \sigma) \leq 2r$ for an
arbitrary set $\{n_I, n_{II}, \sigma\}$. Let
$\sigma = \{move_1, \ldots, move_m\}$. There are two cases:
(A) $n_I \geq r$; (B) $n_I \leq r - 1$.

In case (A) the gate is closed at instance 0. Let $i^*$ be the last
instance of $i$ such that the gate is closed at instance $i$. If
$i^* = m$, then we have nothing to prove, so let $i^* < m$. Then
$p_{i^*} = r$ and no more than $r$ gate openings are possible
($move_{i^*+1}$ corresponds to the first such opening). At instance
$i^* + 1$ the gate is open, and no more than $r$ successive closings
are possible. Hence the total number of changes in the gate status in
case (A) is no more than $2r$.

In case (B) the gate is open at instance 0. Let $i^*$ be the last
instance of $i$ such that the gate is open at instance $i$. If
$i^* = m$, then we have nothing to prove. Otherwise we can similarly
prove that no more than $r - 1$ successive openings and no more than
$r$ closings are possible. Hence the total number of changes in the
gate status in case (B) is no more than $2r - 1$. □
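
The bound of Lemma 4.1 can be checked exhaustively for small schemes. The Python sketch below is an added illustration, not part of the original paper: the function names are chosen here, and the gate is taken to be closed when p_i >= r, as in cases (A) and (B) of the proof.

```python
from functools import lru_cache


def count_changes(origin, sigma, r):
    """Gate status changes along one move sequence sigma.

    origin maps each stone to the box ("I" or "II") it starts in;
    sigma lists the stones in the order in which they move.
    """
    if len(set(sigma)) != len(sigma):
        raise ValueError("no stone may move more than once")
    p = sum(1 for box in origin.values() if box == "I")  # p_0 = n_I
    closed = p >= r                     # gate is closed iff p_i >= r
    changes = 0
    for stone in sigma:
        p += -1 if origin[stone] == "I" else 1
        if (p >= r) != closed:
            closed = not closed
            changes += 1
    return changes


def max_changes(n_I, n_II, r):
    """Maximum number of gate status changes over every admissible sigma."""
    @lru_cache(maxsize=None)
    def best(a, b):
        # a, b: stones that have not moved yet and still sit in I, II.
        p = a + (n_II - b)              # stones currently in box I
        closed = p >= r
        result = 0                      # sigma may end here
        if a:                           # an unmoved stone goes I -> II
            result = max(result, int((p - 1 >= r) != closed) + best(a - 1, b))
        if b:                           # an unmoved stone goes II -> I
            result = max(result, int((p + 1 >= r) != closed) + best(a, b - 1))
        return result
    return best(n_I, n_II)


def extremal_scheme(r):
    """The scheme quoted after Lemma 4.1: 2r stones, odd ones start in I."""
    origin = {i: "I" if i % 2 else "II" for i in range(1, 2 * r + 1)}
    return origin, list(range(1, 2 * r + 1))


if __name__ == "__main__":
    grid = [(a, b) for a in range(9) for b in range(9)]
    for r in range(1, 5):
        overall = max(max_changes(a, b, r) for a, b in grid)
        case_b = max(max_changes(a, b, r) for a, b in grid if a <= r - 1)
        origin, sigma = extremal_scheme(r)
        print(r, overall, case_b, count_changes(origin, sigma, r))
```

The search state is only the pair of unmoved-stone counts, so the maximum over all move sequences is found without enumerating the sequences themselves.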

4.2. Termination of DEVELOP for a parametric VAS.

Lemma 4.2. Let $\Psi_N = (\Pi_N, V_N^0, W)$ be a restricted and
conservative parametric VAS, i.e. a restricted and conservative
parametric CVAS $(\Pi_N, V_N^0, W, C)$ such that the value of the
control $C(v)$ is $W$ for all $v \in \Pi_N$. Assume $W$ contains
exactly $p$ elements and $\Pi_N$ is the only region. Then
$R(\Psi_N) = E(V_N^0)$ and hence DEVELOP terminates for this VAS.

Note. Since it is decidable whether or not one p.s. set is a subset of
another, so it is decidable, given two restricted and conservative
parametric VAS $\Psi'_N$ and $\Psi''_N$, whether or not
$R(\Psi'_N) \subseteq R(\Psi''_N)$. This question is undecidable for
the general (non-parametric) VAS [1].

Proof of the lemma. Let $v \in R(\Psi_N)$. Then

(4.1)  $v = v_0 + \lambda_1 w_1 + \lambda_2 w_2 + \ldots + \lambda_p w_p$,

where $v_0 \in V_N^0$, $w_i \in W$, and the coefficients $\lambda_i$
are non-negative integers for $i = 1, \ldots, p$. The following
statement implies the assertion of the lemma:

There exists a sequence of non-negative integers
$\mu_1, \mu_2, \ldots, \mu_p$ and a permutation of the sequence of the
vectors $w_1, w_2, \ldots, w_p$ to $w'_1, w'_2, \ldots, w'_p$ such
that with
$v_i \stackrel{\mathrm{Df}}{=} v_0 + \mu_1 w'_1 + \ldots + \mu_i w'_i$
$(i = 0, \ldots, p)$ one has $v_i \in R(\Psi_N)$ for all
$i = 0, \ldots, p$.

We will prove this statement using induction on $p$. For $p = 1$ the
statement is trivial. Suppose it is true for $p - 1$ and smaller
values and prove it for $p$.

If there exists a set of $q$ non-zero
$\lambda_{i_1}, \ldots, \lambda_{i_q}$ from those $\lambda_i$ in (4.1)
such that

(4.2)  $0 = w_{i_1} + \ldots + w_{i_q}$,

then we can reduce the $\lambda_i$ from this set by subtracting
equation (4.2) from (4.1). Only a finite number of such reductions is
possible, hence we can assume (4.1) to be irreducible, i.e. that (4.2)
may hold for no set $\{i_1, \ldots, i_q\} \subseteq \{1, \ldots, p\}$.
We assume that all $\lambda_i$'s in (4.1) are non-zero; otherwise we
are at a case of a smaller $p$.

Consider a directed graph $G$. Possible nodes of $G$ are labels
$1, 2, \ldots, k$, $k$ being the dimension of the given VAS. $G$ is
generated by its set of arcs (i.e. it does not contain isolated
nodes). $G$ contains an arc $(i,j)$, iff a transition vector $t_{ij}$
exists among those $w_1, \ldots, w_p$ of (4.1). (Recall that all $w_i$
in (4.1) are transition vectors since the VAS is restricted.) A cycle
in $G$ would correspond to an equation of the form (4.2). Hence $G$
has no cycle.

Therefore there exists a node $i_0$ in $G$ which is the starting point
of no arc in $G$. There is at least one arc in $G$ that terminates at
node $i_0$, the vector $w_{j_0}$ corresponding to this arc.

Now we can reduce the "$p$" case to a "$p - 1$" case by observing that
(4.1) still holds when the term $\lambda_{j_0} w_{j_0}$ is eliminated
and $v_0$ is replaced by
$v'_0 \stackrel{\mathrm{Df}}{=} v_0 + \lambda_{j_0} w_{j_0} \in \Pi_N$.
The sum in this new (4.1) contains only $p - 1$ terms. By the
inductive hypothesis $v$ may be reached from $v'_0$ by at most $p - 1$
express transitions. And $v'_0$ can be reached from $v_0$ by one
express transition (in the direction $w_{j_0}$). Therefore $v$ can be
reached from $v_0$ by at most $p$ express transitions. □


4.3. DEVELOP exhausts the states reachable

Recall [3] that if $F$ is the progress functional of the program then,
for a given set $S$ of the program states, the set $F(S)$ is the set
of states reachable from $S$ when each PE executes at most one
statement. By definition $F^{t+1}(S) = F(F^t(S))$. Assuming that one
statement requires one time unit for its execution, $F^t(S)$ becomes
the set of states reachable from the set of states $S$ within time
$t$.

Lemma 4.3. Let $P$ be a normal program with corresponding parametric
CVAS $\Psi_N = (\Pi_N, V_N^0, W, C)$. Then for any positive integer
$t$ there exists an $n$ such that $F^t(V_N^0) = E_n(V_N^0)$.

Proof is required only for the case $t = 1$. This will be proved if we
establish the following statement.

If $\sigma = (s_0, s_1, \ldots, s_m)$ is a finite path in the
reachability graph of the program beginning with some
$s_0 \in V_N^0$ and such that all its states $s_i$ lie in $F(V_N^0)$
then:

(i) only a finite number of jumps from region to region, bounded
independently of $N$, is possible along $\sigma$; (ii) for a segment
$\zeta$ of contiguous states of $\sigma$ inside a region $Q$,
$\zeta = (s_j, s_{j+1}, \ldots, s_{j+r})$,
$s_j, s_{j+1}, \ldots, s_{j+r} \in Q$, there exists a finite number
$h$ of auxiliary states $s'_1, \ldots, s'_h \in Q$, bounded
independently of $N$, each $s'_i$, $i = 2, \ldots, h$, being reachable
from $s'_{i-1}$ by one express transition inside $Q$, $s'_1 = s_j$,
$s'_h = s_{j+r}$.

Proof of (i). Recall that a region $Q$ is defined by a number of
inequalities of the form

(4.3)  $\sum_{i \in J} n_i \geq r$

or its negation together with equation (3.8). Here $J$ is a set of
indices and $r > 0$. We associate a "stones, boxes and a gate" scheme
with each inequality (4.3) defining $Q$. Here stones are PEs, box I
contains those PEs at statements Pi for $i \in J$, and box II contains
other PEs. Jumping from region to region is only possible by changing
the status of the gate in one of these schemes. Therefore property (i)
follows from lemma 4.1.

Proof of (ii). A simple region can be split into a fixed number of
fixed atomic sets (lemma 3.1). Therefore, without loss of generality,
we can assume that each region is an atomic set $A$ described by $f$
fixed relations (3.3) and $u$ unbounded relations (3.4), and that
$f < k$, where $k$ is the dimension of our CVAS. We also assume that
$J_{fix} \cup J_{unb} = \{1, 2, \ldots, k\}$, hence $f + u = k$. (The
unreferenced $n_i$ may be assumed unbounded with $b_i = 0$.) We
specify an auxiliary VAS $\Psi' = (\Pi', V'^0, W')$ corresponding to
an atomic region $A$ as follows:

the coordinates $n'_i$ of vectors from $\Pi'$ are labeled by indices
$i$ taken from the set $J_{unb}$;

these $n'_i$ are mapped onto the coordinates $n_i$ of vectors
$v \in A$ by the equality $n'_i = n_i - b_i$, for all
$i \in J_{unb}$;

the set $W'$ consists of those $w \in C(A)$ whose non-zero coordinates
are unbounded (i.e. their indices are from $J_{unb}$).

Now (ii) is a restatement of lemma 4.2 for the VAS $\Psi'$. □

4.4. A criterion of termination for DEVELOP.

Theorem 4.1. For the CVAS corresponding to a normal program, a
parametric DEVELOP initiated by the set $V_N^0$ terminates if and only
if the program is compact with respect to $V_N^0$.

Proof. Compactness means that there exist $N_0$ and $t$ such that
$R(\Psi_N) = F^t(V_N^0)$ for all $N \geq N_0$. By lemma 4.3 there
exists $n$ such that $F^t(V_N^0) = E_n(V_N^0)$. By lemma 3.8 this
proves the "if" part. The "only if" part is evident (and was explained
in [3], section 3.7). □

5. Conclusion: unsolved problems.

1. Is termination of an almost-normal program equivalent to its
compactness?

2. How can one determine the conditions under which DEVELOP does not
terminate or detect non-termination during execution?

3. How can one increase $V_N^0$ so that a non-compact program becomes

4. If the analysed program may be split into a number of layers, each
of which is a simpler routine, how can one produce either the RSD for
the entire program or a good approximation to it, given the RSDs or
their approximations for the layers?